Is everyone's credit card info now for sale on the internet?

Posted by Rurik Bradbury on September 30, 2014


Yet another story of apparent credit card hacks yesterday, as SuperValu, the supermarket chain, announced it had suffered a payment systems attack which installed malware and potentially stole card data.

Embarrassingly, this is the second successful attack on SuperValue in recent months, following the first in June and July. 

More details on the story are here.  This attack continues the no-good, terrible, very bad year for merchants and consumers in which record numbers of credit cards and personal data were stolen and put up for sale online by cyber criminals.

With Target and Home Depot alone losing almost 100 million customers' card information -- depending on the overlap of customers between the two -- we live in a time where huge numbers of people are constantly at risk of identity theft.

Underground websites where this data is sold have made hundreds of millions or billions of dollars through these illegal data sales, even though the supply glut of personal data has driven prices down to $9 per stolen card details.

For merchants who bear the cost of any fraud that gets through, these leaks leave them open to attack from all sides: with just about everyone's card details for sale, any online customer could be fraudulent. Older generations of antifraud technology are too crude to cope with this onslaught, which is why we developed "data fingerprinting" as an alternative.